Whitespace cleanup + keyword expansion sweep.
Sponsored by: DARPA, NAI Labs git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@16 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
4c413f4604
commit
2a23af0e82
126
bin/su/su.c
126
bin/su/su.c
|
@ -52,91 +52,93 @@ static struct pam_conv pamc;
|
||||||
static void
|
static void
|
||||||
usage(void)
|
usage(void)
|
||||||
{
|
{
|
||||||
fprintf(stderr, "Usage: su [login [args]]\n");
|
|
||||||
exit(1);
|
fprintf(stderr, "Usage: su [login [args]]\n");
|
||||||
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
check(const char *func, int pam_err)
|
check(const char *func, int pam_err)
|
||||||
{
|
{
|
||||||
if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
|
|
||||||
return pam_err;
|
if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
|
||||||
openlog("su", LOG_CONS, LOG_AUTH);
|
return pam_err;
|
||||||
syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
|
openlog("su", LOG_CONS, LOG_AUTH);
|
||||||
errx(1, "Sorry.");
|
syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
|
||||||
|
errx(1, "Sorry.");
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
main(int argc, char *argv[])
|
main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
char hostname[MAXHOSTNAMELEN];
|
char hostname[MAXHOSTNAMELEN];
|
||||||
const char *user, *tty;
|
const char *user, *tty;
|
||||||
struct passwd *pwd;
|
struct passwd *pwd;
|
||||||
int o, status;
|
int o, status;
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
|
||||||
while ((o = getopt(argc, argv, "h")) != -1)
|
while ((o = getopt(argc, argv, "h")) != -1)
|
||||||
switch (o) {
|
switch (o) {
|
||||||
case 'h':
|
case 'h':
|
||||||
default:
|
default:
|
||||||
usage();
|
usage();
|
||||||
}
|
}
|
||||||
|
|
||||||
argc -= optind;
|
argc -= optind;
|
||||||
argv += optind;
|
argv += optind;
|
||||||
|
|
||||||
/* initialize PAM */
|
/* initialize PAM */
|
||||||
pamc.conv = &openpam_ttyconv;
|
pamc.conv = &openpam_ttyconv;
|
||||||
pam_start("su", argc ? *argv : "root", &pamc, &pamh);
|
pam_start("su", argc ? *argv : "root", &pamc, &pamh);
|
||||||
|
|
||||||
/* set some items */
|
/* set some items */
|
||||||
gethostname(hostname, sizeof hostname);
|
gethostname(hostname, sizeof hostname);
|
||||||
check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
|
check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
|
||||||
user = getlogin();
|
user = getlogin();
|
||||||
check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
|
check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
|
||||||
tty = ttyname(STDERR_FILENO);
|
tty = ttyname(STDERR_FILENO);
|
||||||
check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
|
check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
|
||||||
|
|
||||||
/* authenticate the applicant */
|
/* authenticate the applicant */
|
||||||
check("pam_authenticate", pam_authenticate(pamh, 0));
|
check("pam_authenticate", pam_authenticate(pamh, 0));
|
||||||
if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
|
if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
|
||||||
PAM_NEW_AUTHTOK_REQD)
|
PAM_NEW_AUTHTOK_REQD)
|
||||||
check("pam_chauthtok",
|
check("pam_chauthtok",
|
||||||
pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
|
pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
|
||||||
|
|
||||||
/* establish the requested credentials */
|
/* establish the requested credentials */
|
||||||
check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
|
check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
|
||||||
|
|
||||||
/* authentication succeeded; open a session */
|
/* authentication succeeded; open a session */
|
||||||
check("pam_open_session", pam_open_session(pamh, 0));
|
check("pam_open_session", pam_open_session(pamh, 0));
|
||||||
|
|
||||||
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1)
|
if (initgroups(pwd->pw_name, pwd->pw_gid) == -1)
|
||||||
err(1, "initgroups()");
|
err(1, "initgroups()");
|
||||||
if (setuid(pwd->pw_uid) == -1)
|
if (setuid(pwd->pw_uid) == -1)
|
||||||
err(1, "setuid()");
|
err(1, "setuid()");
|
||||||
|
|
||||||
/* XXX export environment variables */
|
/* XXX export environment variables */
|
||||||
|
|
||||||
switch ((pid = fork())) {
|
|
||||||
case -1:
|
|
||||||
err(1, "fork()");
|
|
||||||
case 0:
|
|
||||||
/* child: start a shell */
|
|
||||||
*argv = pwd->pw_shell;
|
|
||||||
execvp(*argv, argv);
|
|
||||||
err(1, "execvp()");
|
|
||||||
default:
|
|
||||||
/* parent: wait for child to exit */
|
|
||||||
waitpid(pid, &status, 0);
|
|
||||||
if (WIFEXITED(status))
|
|
||||||
status = WEXITSTATUS(status);
|
|
||||||
else
|
|
||||||
status = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* close the session and release PAM resources */
|
switch ((pid = fork())) {
|
||||||
check("pam_close_session", pam_close_session(pamh, 0));
|
case -1:
|
||||||
check("pam_end", pam_end(pamh, 0));
|
err(1, "fork()");
|
||||||
|
case 0:
|
||||||
|
/* child: start a shell */
|
||||||
|
*argv = pwd->pw_shell;
|
||||||
|
execvp(*argv, argv);
|
||||||
|
err(1, "execvp()");
|
||||||
|
default:
|
||||||
|
/* parent: wait for child to exit */
|
||||||
|
waitpid(pid, &status, 0);
|
||||||
|
if (WIFEXITED(status))
|
||||||
|
status = WEXITSTATUS(status);
|
||||||
|
else
|
||||||
|
status = 1;
|
||||||
|
}
|
||||||
|
|
||||||
exit(status);
|
/* close the session and release PAM resources */
|
||||||
|
check("pam_close_session", pam_close_session(pamh, 0));
|
||||||
|
check("pam_end", pam_end(pamh, 0));
|
||||||
|
|
||||||
|
exit(status);
|
||||||
}
|
}
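Review bot: `pwd` is declared in main() but never assigned before `initgroups(pwd->pw_name, pwd->pw_gid)` and `setuid(pwd->pw_uid)` dereference it, so the identity switch reads an indeterminate pointer; main() is fully visible in this hunk and contains no passwd lookup. Resolve the target account once authentication has succeeded and fail closed, e.g. `if ((pwd = getpwnam(argc ? *argv : "root")) == NULL) errx(1, "Sorry.");`. The primary group is also never changed, so add `if (setgid(pwd->pw_gid) == -1) err(1, "setgid()");` between `initgroups()` and `setuid()`. The return value of `pam_start()` is ignored, unlike every later PAM call, which goes through `check()`. None of this is touched by the whitespace sweep, but it sits on the privilege-changing path of the program.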
|
||||||
|
|
|
@ -2,12 +2,12 @@ $Id$
|
||||||
|
|
||||||
Errata in XSSO, chapter 5:
|
Errata in XSSO, chapter 5:
|
||||||
|
|
||||||
p. 25: the first member of struct pam_response is named "resp", not
|
p. 25: the first member of struct pam_response is named "resp", not
|
||||||
"response".
|
"response".
|
||||||
|
|
||||||
Errata in XSSO, chapter 6:
|
Errata in XSSO, chapter 6:
|
||||||
|
|
||||||
p. 32: "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
|
p. 32: "PAM_NEW_AUTHTOKEN_REQD" in the DESCRIPTION and RETURN VALUE
|
||||||
sections should be "PAM_NEW_AUTHTOK_REQD".
|
sections should be "PAM_NEW_AUTHTOK_REQD".
|
||||||
|
|
||||||
p. 32: pam_acct_mgmt() must be allowed to return PAM_AUTH_ERR.
|
p. 32: pam_acct_mgmt() must be allowed to return PAM_AUTH_ERR.
|
||||||
|
@ -18,7 +18,7 @@ p. 46: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
|
||||||
p. 60: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
|
p. 60: "PAM_AUTHOK" and "PAM_OLDAUTHOK" in the DESCRIPTION section
|
||||||
should be "PAM_AUTHTOK" and "PAM_OLDAUTHTOK", respectively.
|
should be "PAM_AUTHTOK" and "PAM_OLDAUTHTOK", respectively.
|
||||||
|
|
||||||
p. 62: the target_authtok_len argument to pam_set_mapped_authtok() is
|
p. 62: the target_authtok_len argument to pam_set_mapped_authtok() is
|
||||||
of type size_t, not a size_t *.
|
of type size_t, not a size_t *.
|
||||||
|
|
||||||
p. 52: PAM_CONV_ERR is listed out of order and with the explanatory
|
p. 52: PAM_CONV_ERR is listed out of order and with the explanatory
|
||||||
|
@ -52,7 +52,7 @@ p. 85: the names of several arguments to pam_sm_set_mapped_username()
|
||||||
|
|
||||||
p. 89: the user argument to pam_start() is of type const char *.
|
p. 89: the user argument to pam_start() is of type const char *.
|
||||||
|
|
||||||
p. 89: the correct definition for struct pam_conv is as follows:
|
p. 89: the correct definition for struct pam_conv is as follows:
|
||||||
|
|
||||||
struct pam_conv {
|
struct pam_conv {
|
||||||
int (*conv)(int, struct pam_message **,
|
int (*conv)(int, struct pam_message **,
|
||||||
|
@ -60,7 +60,7 @@ p. 89: the correct definition for struct pam_conv is as follows:
|
||||||
void *appdata_ptr;
|
void *appdata_ptr;
|
||||||
};
|
};
|
||||||
|
|
||||||
p. 90: the correct definition for struct pam_response is as follows:
|
p. 90: the correct definition for struct pam_response is as follows:
|
||||||
|
|
||||||
struct pam_response {
|
struct pam_response {
|
||||||
char *resp;
|
char *resp;
|
||||||
|
|
|
@ -141,7 +141,7 @@ pam_info(pam_handle_t *_pamh,
|
||||||
|
|
||||||
int
|
int
|
||||||
pam_prompt(pam_handle_t *pamh,
|
pam_prompt(pam_handle_t *pamh,
|
||||||
char **resp,
|
char **resp,
|
||||||
int echo,
|
int echo,
|
||||||
const char *fmt,
|
const char *fmt,
|
||||||
...);
|
...);
|
||||||
|
|
|
@ -57,7 +57,7 @@ openpam_dispatch(pam_handle_t *pamh,
|
||||||
{
|
{
|
||||||
pam_chain_t *module;
|
pam_chain_t *module;
|
||||||
int err, fail, r;
|
int err, fail, r;
|
||||||
|
|
||||||
if (pamh == NULL)
|
if (pamh == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
|
@ -147,7 +147,7 @@ _openpam_check_error_code(int primitive, int r)
|
||||||
r == PAM_CONV_ERR ||
|
r == PAM_CONV_ERR ||
|
||||||
r == PAM_PERM_DENIED)
|
r == PAM_PERM_DENIED)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
/* specific error codes */
|
/* specific error codes */
|
||||||
switch (primitive) {
|
switch (primitive) {
|
||||||
case PAM_AUTHENTICATE:
|
case PAM_AUTHENTICATE:
|
||||||
|
@ -186,7 +186,7 @@ _openpam_check_error_code(int primitive, int r)
|
||||||
return;
|
return;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d",
|
openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d",
|
||||||
_pam_sm_func_name[primitive], r);
|
_pam_sm_func_name[primitive], r);
|
||||||
}
|
}
|
||||||
|
|
|
@ -50,7 +50,7 @@ openpam_findenv(pam_handle_t *pamh,
|
||||||
size_t len)
|
size_t len)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (pamh == NULL)
|
if (pamh == NULL)
|
||||||
return (-1);
|
return (-1);
|
||||||
|
|
||||||
|
|
|
@ -43,9 +43,9 @@
|
||||||
* Control flags
|
* Control flags
|
||||||
*/
|
*/
|
||||||
#define PAM_REQUIRED 1
|
#define PAM_REQUIRED 1
|
||||||
#define PAM_REQUISITE 2
|
#define PAM_REQUISITE 2
|
||||||
#define PAM_SUFFICIENT 3
|
#define PAM_SUFFICIENT 3
|
||||||
#define PAM_OPTIONAL 4
|
#define PAM_OPTIONAL 4
|
||||||
#define PAM_NUM_CONTROLFLAGS 5
|
#define PAM_NUM_CONTROLFLAGS 5
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -91,7 +91,7 @@ struct pam_data {
|
||||||
|
|
||||||
struct pam_handle {
|
struct pam_handle {
|
||||||
char *service;
|
char *service;
|
||||||
|
|
||||||
/* chains */
|
/* chains */
|
||||||
pam_chain_t *chains[PAM_NUM_CHAINS];
|
pam_chain_t *chains[PAM_NUM_CHAINS];
|
||||||
|
|
||||||
|
|
|
@ -51,28 +51,28 @@
|
||||||
|
|
||||||
int
|
int
|
||||||
openpam_ttyconv(int n,
|
openpam_ttyconv(int n,
|
||||||
const struct pam_message **msg,
|
const struct pam_message **msg,
|
||||||
struct pam_response **resp,
|
struct pam_response **resp,
|
||||||
void *data)
|
void *data)
|
||||||
{
|
{
|
||||||
char buf[PAM_MAX_RESP_SIZE];
|
char buf[PAM_MAX_RESP_SIZE];
|
||||||
struct termios tattr;
|
struct termios tattr;
|
||||||
tcflag_t lflag;
|
tcflag_t lflag;
|
||||||
int fd, err, i;
|
int fd, err, i;
|
||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
data = data;
|
data = data;
|
||||||
if (n <= 0 || n > PAM_MAX_NUM_MSG)
|
if (n <= 0 || n > PAM_MAX_NUM_MSG)
|
||||||
return (PAM_CONV_ERR);
|
return (PAM_CONV_ERR);
|
||||||
if ((*resp = calloc(n, sizeof **resp)) == NULL)
|
if ((*resp = calloc(n, sizeof **resp)) == NULL)
|
||||||
return (PAM_BUF_ERR);
|
return (PAM_BUF_ERR);
|
||||||
fd = fileno(stdin);
|
fd = fileno(stdin);
|
||||||
for (i = 0; i < n; ++i) {
|
for (i = 0; i < n; ++i) {
|
||||||
resp[i]->resp_retcode = 0;
|
resp[i]->resp_retcode = 0;
|
||||||
resp[i]->resp = NULL;
|
resp[i]->resp = NULL;
|
||||||
switch (msg[i]->msg_style) {
|
switch (msg[i]->msg_style) {
|
||||||
case PAM_PROMPT_ECHO_OFF:
|
case PAM_PROMPT_ECHO_OFF:
|
||||||
case PAM_PROMPT_ECHO_ON:
|
case PAM_PROMPT_ECHO_ON:
|
||||||
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
|
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
|
||||||
if (tcgetattr(fd, &tattr) != 0) {
|
if (tcgetattr(fd, &tattr) != 0) {
|
||||||
openpam_log(PAM_LOG_ERROR,
|
openpam_log(PAM_LOG_ERROR,
|
||||||
|
@ -88,44 +88,44 @@ openpam_ttyconv(int n,
|
||||||
err = PAM_CONV_ERR;
|
err = PAM_CONV_ERR;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
fputs(msg[i]->msg, stderr);
|
fputs(msg[i]->msg, stderr);
|
||||||
buf[0] = '\0';
|
buf[0] = '\0';
|
||||||
fgets(buf, sizeof buf, stdin);
|
fgets(buf, sizeof buf, stdin);
|
||||||
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
|
if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
|
||||||
tattr.c_lflag = lflag;
|
tattr.c_lflag = lflag;
|
||||||
(void)tcsetattr(fd, TCSANOW, &tattr);
|
(void)tcsetattr(fd, TCSANOW, &tattr);
|
||||||
fputs("\n", stderr);
|
fputs("\n", stderr);
|
||||||
}
|
}
|
||||||
if (ferror(stdin)) {
|
if (ferror(stdin)) {
|
||||||
err = PAM_CONV_ERR;
|
err = PAM_CONV_ERR;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
for (len = strlen(buf); len > 0; --len)
|
for (len = strlen(buf); len > 0; --len)
|
||||||
if (!isspace(buf[len - 1]))
|
if (!isspace(buf[len - 1]))
|
||||||
break;
|
break;
|
||||||
buf[len] = '\0';
|
buf[len] = '\0';
|
||||||
if ((resp[i]->resp = strdup(buf)) == NULL) {
|
if ((resp[i]->resp = strdup(buf)) == NULL) {
|
||||||
err = PAM_BUF_ERR;
|
err = PAM_BUF_ERR;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case PAM_ERROR_MSG:
|
case PAM_ERROR_MSG:
|
||||||
fputs(msg[i]->msg, stderr);
|
fputs(msg[i]->msg, stderr);
|
||||||
break;
|
break;
|
||||||
case PAM_TEXT_INFO:
|
case PAM_TEXT_INFO:
|
||||||
fputs(msg[i]->msg, stdout);
|
fputs(msg[i]->msg, stdout);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
err = PAM_BUF_ERR;
|
err = PAM_BUF_ERR;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
fail:
|
fail:
|
||||||
while (i)
|
while (i)
|
||||||
free(resp[--i]);
|
free(resp[--i]);
|
||||||
free(*resp);
|
free(*resp);
|
||||||
*resp = NULL;
|
*resp = NULL;
|
||||||
return (err);
|
return (err);
|
||||||
}
|
}
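Review bot: The response array is indexed through the wrong level of indirection: `*resp` holds the `calloc()`ed array, but the loop writes `resp[i]->resp_retcode` and `resp[i]->resp`, which for i > 0 reads pointers past the caller's single `struct pam_response *`. Use `(*resp)[i].resp_retcode = 0;` and `(*resp)[i].resp = strdup(buf)`, and in the `fail:` path release the strings with `free((*resp)[--i].resp);` rather than `free(resp[--i])`. `buf` receives the typed authentication token and is never cleared before the function returns; wipe it on every exit path with a call the compiler cannot elide. The lines between the two hunks of this function are not shown, so the echo-off setup (where `lflag` is presumably saved) could not be checked.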
|
||||||
|
|
|
@ -73,8 +73,8 @@ pam_end(pam_handle_t *pamh,
|
||||||
/* clear items */
|
/* clear items */
|
||||||
for (i = 0; i < PAM_NUM_ITEMS; ++i)
|
for (i = 0; i < PAM_NUM_ITEMS; ++i)
|
||||||
free(pamh->item[i]);
|
free(pamh->item[i]);
|
||||||
|
|
||||||
free(pamh);
|
free(pamh);
|
||||||
|
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
|
@ -52,7 +52,7 @@ pam_get_authtok(pam_handle_t *pamh,
|
||||||
const char *prompt)
|
const char *prompt)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (pamh == NULL || authtok == NULL)
|
if (pamh == NULL || authtok == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ pam_get_data(pam_handle_t *pamh,
|
||||||
void **data)
|
void **data)
|
||||||
{
|
{
|
||||||
pam_data_t *dp;
|
pam_data_t *dp;
|
||||||
|
|
||||||
if (pamh == NULL)
|
if (pamh == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
|
@ -62,6 +62,6 @@ pam_get_data(pam_handle_t *pamh,
|
||||||
*data = dp->data;
|
*data = dp->data;
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
return (PAM_NO_MODULE_DATA);
|
return (PAM_NO_MODULE_DATA);
|
||||||
}
|
}
|
||||||
|
|
|
@ -54,7 +54,7 @@ pam_get_item(pam_handle_t *pamh,
|
||||||
{
|
{
|
||||||
if (pamh == NULL)
|
if (pamh == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
switch (item_type) {
|
switch (item_type) {
|
||||||
case PAM_SERVICE:
|
case PAM_SERVICE:
|
||||||
case PAM_USER:
|
case PAM_USER:
|
||||||
|
|
|
@ -53,7 +53,7 @@ pam_get_user(pam_handle_t *pamh,
|
||||||
const char *prompt)
|
const char *prompt)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (pamh == NULL || user == NULL)
|
if (pamh == NULL || user == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ pam_getenv(pam_handle_t *pamh,
|
||||||
const char *name)
|
const char *name)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (pamh == NULL)
|
if (pamh == NULL)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
|
|
||||||
int
|
int
|
||||||
pam_prompt(pam_handle_t *pamh,
|
pam_prompt(pam_handle_t *pamh,
|
||||||
char **resp,
|
char **resp,
|
||||||
int echo,
|
int echo,
|
||||||
const char *fmt,
|
const char *fmt,
|
||||||
...)
|
...)
|
||||||
|
|
|
@ -54,7 +54,7 @@ pam_putenv(pam_handle_t *pamh,
|
||||||
{
|
{
|
||||||
char **env, *p;
|
char **env, *p;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (pamh == NULL)
|
if (pamh == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,7 @@ pam_set_data(pam_handle_t *pamh,
|
||||||
int pam_end_status))
|
int pam_end_status))
|
||||||
{
|
{
|
||||||
pam_data_t *dp;
|
pam_data_t *dp;
|
||||||
|
|
||||||
if (pamh == NULL)
|
if (pamh == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
|
@ -70,7 +70,7 @@ pam_set_data(pam_handle_t *pamh,
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((dp = malloc(sizeof *dp)) == NULL)
|
if ((dp = malloc(sizeof *dp)) == NULL)
|
||||||
return (PAM_BUF_ERR);
|
return (PAM_BUF_ERR);
|
||||||
if ((dp->name = strdup(module_data_name)) == NULL) {
|
if ((dp->name = strdup(module_data_name)) == NULL) {
|
||||||
|
|
|
@ -59,7 +59,7 @@ pam_set_item(pam_handle_t *pamh,
|
||||||
|
|
||||||
if (pamh == NULL)
|
if (pamh == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
switch (item_type) {
|
switch (item_type) {
|
||||||
case PAM_SERVICE:
|
case PAM_SERVICE:
|
||||||
case PAM_USER:
|
case PAM_USER:
|
||||||
|
|
|
@ -79,11 +79,11 @@ pam_start(const char *service,
|
||||||
r = _pam_configure_service(ph, PAM_OTHER);
|
r = _pam_configure_service(ph, PAM_OTHER);
|
||||||
if (r != PAM_SUCCESS)
|
if (r != PAM_SUCCESS)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
*pamh = ph;
|
*pamh = ph;
|
||||||
openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service);
|
openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service);
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
pam_end(ph, r);
|
pam_end(ph, r);
|
||||||
return (r);
|
return (r);
|
||||||
|
@ -101,10 +101,10 @@ const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
|
||||||
|
|
||||||
static int
|
static int
|
||||||
_pam_add_module(pam_handle_t *pamh,
|
_pam_add_module(pam_handle_t *pamh,
|
||||||
int chain,
|
int chain,
|
||||||
int flag,
|
int flag,
|
||||||
const char *modpath,
|
const char *modpath,
|
||||||
const char *options /* XXX */ __unused)
|
const char *options /* XXX */ __unused)
|
||||||
{
|
{
|
||||||
pam_chain_t *module, *iterator;
|
pam_chain_t *module, *iterator;
|
||||||
int i;
|
int i;
|
||||||
|
@ -145,7 +145,7 @@ _pam_add_module(pam_handle_t *pamh,
|
||||||
for (i = 0; i < PAM_NUM_PRIMITIVES; ++i)
|
for (i = 0; i < PAM_NUM_PRIMITIVES; ++i)
|
||||||
module->primitive[i] =
|
module->primitive[i] =
|
||||||
dlsym(module->dlh, _pam_sm_func_name[i]);
|
dlsym(module->dlh, _pam_sm_func_name[i]);
|
||||||
|
|
||||||
if ((iterator = pamh->chains[chain]) != NULL) {
|
if ((iterator = pamh->chains[chain]) != NULL) {
|
||||||
while (iterator->next != NULL)
|
while (iterator->next != NULL)
|
||||||
iterator = iterator->next;
|
iterator = iterator->next;
|
||||||
|
@ -157,7 +157,7 @@ _pam_add_module(pam_handle_t *pamh,
|
||||||
}
|
}
|
||||||
|
|
||||||
#define PAM_CONF_STYLE 0
|
#define PAM_CONF_STYLE 0
|
||||||
#define PAM_D_STYLE 1
|
#define PAM_D_STYLE 1
|
||||||
#define MAX_LINE_LEN 1024
|
#define MAX_LINE_LEN 1024
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -180,7 +180,7 @@ _pam_read_policy_file(pam_handle_t *pamh,
|
||||||
}
|
}
|
||||||
openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s",
|
openpam_log(PAM_LOG_DEBUG, "looking for '%s' in %s",
|
||||||
service, filename);
|
service, filename);
|
||||||
|
|
||||||
for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) {
|
for (line = 1; fgets(buf, MAX_LINE_LEN, f) != NULL; ++line) {
|
||||||
if ((len = strlen(buf)) == 0)
|
if ((len = strlen(buf)) == 0)
|
||||||
continue;
|
continue;
|
||||||
|
@ -206,7 +206,7 @@ _pam_read_policy_file(pam_handle_t *pamh,
|
||||||
continue;
|
continue;
|
||||||
buf[len] = '\0';
|
buf[len] = '\0';
|
||||||
p = q = buf;
|
p = q = buf;
|
||||||
|
|
||||||
/* check service name */
|
/* check service name */
|
||||||
if (style == PAM_CONF_STYLE) {
|
if (style == PAM_CONF_STYLE) {
|
||||||
for (q = p = buf; *q != '\0' && !isspace(*q); ++q)
|
for (q = p = buf; *q != '\0' && !isspace(*q); ++q)
|
||||||
|
@ -220,7 +220,7 @@ _pam_read_policy_file(pam_handle_t *pamh,
|
||||||
filename, line, service);
|
filename, line, service);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* get module type */
|
/* get module type */
|
||||||
for (p = q; isspace(*p); ++p)
|
for (p = q; isspace(*p); ++p)
|
||||||
/* nothing */;
|
/* nothing */;
|
||||||
|
@ -266,7 +266,7 @@ _pam_read_policy_file(pam_handle_t *pamh,
|
||||||
filename, line, p);
|
filename, line, p);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* get module name */
|
/* get module name */
|
||||||
for (p = q; isspace(*p); ++p)
|
for (p = q; isspace(*p); ++p)
|
||||||
/* nothing */;
|
/* nothing */;
|
||||||
|
@ -274,7 +274,7 @@ _pam_read_policy_file(pam_handle_t *pamh,
|
||||||
/* nothing */;
|
/* nothing */;
|
||||||
if (q == p)
|
if (q == p)
|
||||||
goto syntax_error;
|
goto syntax_error;
|
||||||
|
|
||||||
/* get options */
|
/* get options */
|
||||||
if (*q != '\0') {
|
if (*q != '\0') {
|
||||||
*q++ = 0;
|
*q++ = 0;
|
||||||
|
@ -283,8 +283,8 @@ _pam_read_policy_file(pam_handle_t *pamh,
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Finally, add the module at the end of the
|
* Finally, add the module at the end of the
|
||||||
* appropriate chain and bump the counter.
|
* appropriate chain and bump the counter.
|
||||||
*/
|
*/
|
||||||
if ((r = _pam_add_module(pamh, chain, flag, p, q)) !=
|
if ((r = _pam_add_module(pamh, chain, flag, p, q)) !=
|
||||||
PAM_SUCCESS)
|
PAM_SUCCESS)
|
||||||
|
@ -302,7 +302,7 @@ _pam_read_policy_file(pam_handle_t *pamh,
|
||||||
|
|
||||||
if (ferror(f))
|
if (ferror(f))
|
||||||
openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
|
openpam_log(PAM_LOG_ERROR, "%s: %m", filename);
|
||||||
|
|
||||||
fclose(f);
|
fclose(f);
|
||||||
return (n);
|
return (n);
|
||||||
}
|
}
|
||||||
|
@ -313,10 +313,10 @@ static const char *_pam_policy_path[] = {
|
||||||
"/usr/local/etc/pam.d/",
|
"/usr/local/etc/pam.d/",
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static int
|
static int
|
||||||
_pam_configure_service(pam_handle_t *pamh,
|
_pam_configure_service(pam_handle_t *pamh,
|
||||||
const char *service)
|
const char *service)
|
||||||
{
|
{
|
||||||
const char **path;
|
const char **path;
|
||||||
char *filename;
|
char *filename;
|
||||||
|
@ -345,6 +345,6 @@ _pam_configure_service(pam_handle_t *pamh,
|
||||||
if (r > 0)
|
if (r > 0)
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
}
|
}
|
||||||
|
|
|
@ -54,7 +54,7 @@ pam_strerror(pam_handle_t *pamh,
|
||||||
static char unknown[16];
|
static char unknown[16];
|
||||||
|
|
||||||
pamh = pamh;
|
pamh = pamh;
|
||||||
|
|
||||||
switch (error_number) {
|
switch (error_number) {
|
||||||
case PAM_SUCCESS:
|
case PAM_SUCCESS:
|
||||||
return ("success");
|
return ("success");
|
||||||
|
|
|
@ -40,7 +40,7 @@ int
|
||||||
pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
||||||
int argc, const char *argv[])
|
int argc, const char *argv[])
|
||||||
{
|
{
|
||||||
|
|
||||||
return (PAM_AUTH_ERR);
|
return (PAM_AUTH_ERR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@ int
|
||||||
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
||||||
int argc, const char *argv[])
|
int argc, const char *argv[])
|
||||||
{
|
{
|
||||||
|
|
||||||
return (PAM_PERM_DENIED);
|
return (PAM_PERM_DENIED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ int
|
||||||
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
|
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
|
||||||
int argc, const char *argv[])
|
int argc, const char *argv[])
|
||||||
{
|
{
|
||||||
|
|
||||||
return (PAM_AUTH_ERR);
|
return (PAM_AUTH_ERR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@ int
|
||||||
pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
pam_sm_authenticate(pam_handle_t *pamh, int flags,
|
||||||
int argc, const char *argv[])
|
int argc, const char *argv[])
|
||||||
{
|
{
|
||||||
|
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@ int
|
||||||
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
||||||
int argc, const char *argv[])
|
int argc, const char *argv[])
|
||||||
{
|
{
|
||||||
|
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ int
|
||||||
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
|
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
|
||||||
int argc, const char *argv[])
|
int argc, const char *argv[])
|
||||||
{
|
{
|
||||||
|
|
||||||
return (PAM_SUCCESS);
|
return (PAM_SUCCESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|